VMware NSX

VMware NSX

Dashboard Widgets

General (General overview of the system)

Cleanup (Summary of the number of rules that are disabled or fully shadowed)

USP Compliance (The number of rules with violations, according to their severity level)

Audit (The number of rules withe expired access or will have access expire within the next month)

Recent Changes (Rules and devices with changes in the past 30 days)

Browsers

Rule Viewer (see Rule Viewer)

Object Lookup (See Object Lookup)

USP Viewer (see USP Viewer)

USP Alert Manager Viewer (see USP Alerts Manager)

USP Exceptions Viewer (see USP Exceptions)

Changes (see Change Browser)

Cleanup (see Cleanup Browser)

Device Viewer (see Device Viewer)

Change Management

Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)

Display IPv6 objects

Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)

Real-time Monitoring (Regularly automatically fetches policy information from the device)

Accountability - Installed Revisions

Create SecureChange ticket from Rule Viewer for:
  • Rule Decommission (Removes selected rules from supported devices)

  • Rule Recertification(Used to document and verify the need for a rule)

Topology

Static Topology

BGP Dynamic Routes

Notes for VMware NSX:

  • Real-time monitoring uses device polling.

  • These features are not supported: unused objects cleanup, offline analysis.

  • Topology support only includes North-South connectivity and, in topology diagrams, traffic inside a logical switch will be seen as passing logical router.

  • For Auditing and Reporting, these features are supported: Regulations browser, Rule Viewer, New Revision report.

  • Dynamic Topology (BGP dynamic routing) is supported for NSX-T

  • New NSX-T devices are automatically configured with Declarative (Policy) APIs. Devices that were previously added using Imperative APIs will continue to work. In the Device Manager, the name of a device indicates whether the device is configured with a Declarative or Impertitive API.

    To convert a device that was previously added using Imperative APIs to Declarative APIs you need to add the device as a new device, and remove or disable the old instance of the device.

  • In NSX-T Devices, support for dynamic Security Groups based on tags set in the device.